glib/glib/glib-private.c

/* GLIB - Library of useful routines for C programming
 * Copyright (C) 2011 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 * Author: Colin Walters <walters@verbum.org>
 */

#include "config.h"

#include "glib-private.h"
#include "glib-init.h"

/**
 * glib__private__:
 * @arg: Do not use this argument
 *
 * Do not call this function; it is used to share private
 * API between glib, gobject, and gio.
 */
GLibPrivateVTable *
glib__private__ (void)
{
  static GLibPrivateVTable table = {
    g_wakeup_new,
    g_wakeup_free,
    g_wakeup_get_pollfd,
    g_wakeup_signal,
    g_wakeup_acknowledge,

    g_get_worker_context,

    g_check_setuid,
    g_main_context_new_with_next_id,

    g_dir_open_with_errno,
    g_dir_new_from_dirp,

    glib_init,
  };

  return &table;
}
Add glib__private__() API to share between glib,gio; port GWakeup to it Historically we've added random symbols to the public API with warnings that they're private; examples are: glib_gettext(), glib_pgettext() g_thread_functions_for_glib_use, g_thread_use_default_impl, etc. And we almost added "GWakeup" to public API just to share between glib and gio. This new glib__private__() API exports a hidden vtable, and adds a macro GLIB_PRIVATE_CALL() that makes it generally convenient to use. This adds an extremely tiny cost for the double indirection; but it has the benefit that we don't need to either: 1) compile the code into both glib and gio (like GWakeup), with the inefficiency that implies. 2) Export a "do not use this" symbol; the serious problem with this is that someone CAN use it pretty easily. Particularly if we document it. It's far, far harder to peek into a structure without a public header file. https://bugzilla.gnome.org/show_bug.cgi?id=657992 2011-09-01 14:32:11 -04:00			`/* GLIB - Library of useful routines for C programming`
			`* Copyright (C) 2011 Red Hat, Inc.`
			`*`
			`* This library is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU Lesser General Public`
			`* License as published by the Free Software Foundation; either`
glib/: LGPLv2+ -> LGPLv2.1+ All glib/*.{c,h} files have been processed, as well as gtester-report. 12 of those files are not licensed under LGPL: gbsearcharray.h gconstructor.h glibintl.h gmirroringtable.h gscripttable.h gtranslit-data.h gunibreak.h gunichartables.h gunicomp.h gunidecomp.h valgrind.h win_iconv.c Some of them are generated files, some are licensed under a BSD-style license and win_iconv.c is in the public domain. Sub-directories inside glib/: deprecated/: processed in a previous commit glib-mirroring-tab/: already LGPLv2.1+ gnulib/: not modified, the code is copied from gnulib libcharset/: a copy pcre/: a copy tests/: processed in a previous commit https://bugzilla.gnome.org/show_bug.cgi?id=776504 2017-01-05 12:47:07 +01:00			`* version 2.1 of the License, or (at your option) any later version.`
Add glib__private__() API to share between glib,gio; port GWakeup to it Historically we've added random symbols to the public API with warnings that they're private; examples are: glib_gettext(), glib_pgettext() g_thread_functions_for_glib_use, g_thread_use_default_impl, etc. And we almost added "GWakeup" to public API just to share between glib and gio. This new glib__private__() API exports a hidden vtable, and adds a macro GLIB_PRIVATE_CALL() that makes it generally convenient to use. This adds an extremely tiny cost for the double indirection; but it has the benefit that we don't need to either: 1) compile the code into both glib and gio (like GWakeup), with the inefficiency that implies. 2) Export a "do not use this" symbol; the serious problem with this is that someone CAN use it pretty easily. Particularly if we document it. It's far, far harder to peek into a structure without a public header file. https://bugzilla.gnome.org/show_bug.cgi?id=657992 2011-09-01 14:32:11 -04:00			`*`
			`* This library is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`* Lesser General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Lesser General Public`
Updated FSF's address 2014-01-23 12:58:29 +01:00			`* License along with this library; if not, see <http://www.gnu.org/licenses/>.`
Add glib__private__() API to share between glib,gio; port GWakeup to it Historically we've added random symbols to the public API with warnings that they're private; examples are: glib_gettext(), glib_pgettext() g_thread_functions_for_glib_use, g_thread_use_default_impl, etc. And we almost added "GWakeup" to public API just to share between glib and gio. This new glib__private__() API exports a hidden vtable, and adds a macro GLIB_PRIVATE_CALL() that makes it generally convenient to use. This adds an extremely tiny cost for the double indirection; but it has the benefit that we don't need to either: 1) compile the code into both glib and gio (like GWakeup), with the inefficiency that implies. 2) Export a "do not use this" symbol; the serious problem with this is that someone CAN use it pretty easily. Particularly if we document it. It's far, far harder to peek into a structure without a public header file. https://bugzilla.gnome.org/show_bug.cgi?id=657992 2011-09-01 14:32:11 -04:00			`*`
			`* Author: Colin Walters <walters@verbum.org>`
			`*/`

various: add missing cases of #include "config.h" 2012-12-06 13:29:31 -05:00			`#include "config.h"`

Add glib__private__() API to share between glib,gio; port GWakeup to it Historically we've added random symbols to the public API with warnings that they're private; examples are: glib_gettext(), glib_pgettext() g_thread_functions_for_glib_use, g_thread_use_default_impl, etc. And we almost added "GWakeup" to public API just to share between glib and gio. This new glib__private__() API exports a hidden vtable, and adds a macro GLIB_PRIVATE_CALL() that makes it generally convenient to use. This adds an extremely tiny cost for the double indirection; but it has the benefit that we don't need to either: 1) compile the code into both glib and gio (like GWakeup), with the inefficiency that implies. 2) Export a "do not use this" symbol; the serious problem with this is that someone CAN use it pretty easily. Particularly if we document it. It's far, far harder to peek into a structure without a public header file. https://bugzilla.gnome.org/show_bug.cgi?id=657992 2011-09-01 14:32:11 -04:00			`#include "glib-private.h"`
Export glib_init via GLIB_PRIVATE_CALL This will be used in the next commit to call glib_init from the gobject constructor, to ensure proper constructor ordering with non-GNU libc. https://bugzilla.gnome.org/show_bug.cgi?id=756139 2015-10-06 19:45:38 -04:00			`#include "glib-init.h"`
Add glib__private__() API to share between glib,gio; port GWakeup to it Historically we've added random symbols to the public API with warnings that they're private; examples are: glib_gettext(), glib_pgettext() g_thread_functions_for_glib_use, g_thread_use_default_impl, etc. And we almost added "GWakeup" to public API just to share between glib and gio. This new glib__private__() API exports a hidden vtable, and adds a macro GLIB_PRIVATE_CALL() that makes it generally convenient to use. This adds an extremely tiny cost for the double indirection; but it has the benefit that we don't need to either: 1) compile the code into both glib and gio (like GWakeup), with the inefficiency that implies. 2) Export a "do not use this" symbol; the serious problem with this is that someone CAN use it pretty easily. Particularly if we document it. It's far, far harder to peek into a structure without a public header file. https://bugzilla.gnome.org/show_bug.cgi?id=657992 2011-09-01 14:32:11 -04:00
			`/**`
			`* glib__private__:`
			`* @arg: Do not use this argument`
			`*`
			`* Do not call this function; it is used to share private`
			`* API between glib, gobject, and gio.`
			`*/`
			`GLibPrivateVTable *`
			`glib__private__ (void)`
			`{`
			`static GLibPrivateVTable table = {`
			`g_wakeup_new,`
			`g_wakeup_free,`
			`g_wakeup_get_pollfd,`
			`g_wakeup_signal,`
glib worker: move to glib-private framework Remove the private glib_get_worker_context() symbol and move it over to using the glib-private stuff like GWakeup is doing. https://bugzilla.gnome.org/show_bug.cgi?id=657992 2011-09-09 14:30:25 -04:00			`g_wakeup_acknowledge,`

CVE-2012-3524: Hardening for being run in a setuid environment Some programs attempt to use libglib (or even libgio) when setuid. For a long time, GTK+ simply aborted if launched in this configuration, but we never had a real policy for GLib. I'm not sure whether we should advertise such support. However, given that there are real-world programs that do this currently, we can make them safer with not too much effort. Better to fix a problem caused by an interaction between two components in both places if possible. This patch adds a private function g_check_setuid() which is used to first ensure we don't run an external dbus-launch binary if DBUS_SESSION_BUS_ADDRESS isn't set. Second, we also ensure the local VFS is used in this case. The gdaemonvfs extension point will end up talking to the session bus which is typically undesirable in a setuid context. Implementing g_check_setuid() is interesting - whether or not we're running in a privilege-escalated path is operating system specific. Note that GTK+'s code to check euid versus uid worked historically on Unix, more modern systems have filesystem capabilities and SELinux domain transitions, neither of which are captured by the uid comparison. On Linux/glibc, the way this works is that the kernel sets an AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on startup. If found, then glibc sets a public-but-undocumented __libc_enable_secure variable which we can use. Unfortunately, while it previously worked to check this variable, a combination of newer binutils and RPM break it: http://www.openwall.com/lists/owl-dev/2012/08/14/1 So for now on Linux/glibc, we fall back to the historical Unix version until we get glibc fixed. On some BSD variants, there is a issetugid() function. On other Unix variants, we fall back to what GTK+ has been doing. Reported-By: Sebastian Krahmer <krahmer@suse.de> Signed-off-by: Colin Walters <walters@verbum.org> 2012-08-22 14:26:11 -04:00			`g_get_worker_context,`

gmain: Handle case where source id overflows 0 is not a valid source id, but for long-lived programs that rapidly create/destroy sources, it's possible for the source id to overflow. We should handle this, because the documentation implies we will. https://bugzilla.gnome.org/show_bug.cgi?id=687098 2012-11-08 09:12:25 -05:00			`g_check_setuid,`
GDir: add some glib-private APIs Add a simple UNIX-only API that is used to create a GDir object from a DIR* that is aquired using opendir() or fdopendir(). This makes it possible to use GDir with openat(), which in turn will allow use of GDir in the existing GLocalFile implementation of g_file_measure_disk_usage(), avoiding the current MSVC compatibility problems there. Also add an API similar to g_dir_open(), but without the GError handling (since we want to create a better error message from inside of glocalfile.c). Thanks to Chun-wei Fan <fanchunwei@src.gnome.org> for portions of this patch and for reviews. https://bugzilla.gnome.org/show_bug.cgi?id=707787 2013-09-12 17:00:29 +08:00			`g_main_context_new_with_next_id,`

			`g_dir_open_with_errno,`
Maintain the struct order when initializing Otherwise it'll break every GLIB_PRIVATE_CALL user. 2015-10-08 12:32:58 +01:00			`g_dir_new_from_dirp,`

			`glib_init,`
Add glib__private__() API to share between glib,gio; port GWakeup to it Historically we've added random symbols to the public API with warnings that they're private; examples are: glib_gettext(), glib_pgettext() g_thread_functions_for_glib_use, g_thread_use_default_impl, etc. And we almost added "GWakeup" to public API just to share between glib and gio. This new glib__private__() API exports a hidden vtable, and adds a macro GLIB_PRIVATE_CALL() that makes it generally convenient to use. This adds an extremely tiny cost for the double indirection; but it has the benefit that we don't need to either: 1) compile the code into both glib and gio (like GWakeup), with the inefficiency that implies. 2) Export a "do not use this" symbol; the serious problem with this is that someone CAN use it pretty easily. Particularly if we document it. It's far, far harder to peek into a structure without a public header file. https://bugzilla.gnome.org/show_bug.cgi?id=657992 2011-09-01 14:32:11 -04:00			`};`
glib worker: move to glib-private framework Remove the private glib_get_worker_context() symbol and move it over to using the glib-private stuff like GWakeup is doing. https://bugzilla.gnome.org/show_bug.cgi?id=657992 2011-09-09 14:30:25 -04:00
Add glib__private__() API to share between glib,gio; port GWakeup to it Historically we've added random symbols to the public API with warnings that they're private; examples are: glib_gettext(), glib_pgettext() g_thread_functions_for_glib_use, g_thread_use_default_impl, etc. And we almost added "GWakeup" to public API just to share between glib and gio. This new glib__private__() API exports a hidden vtable, and adds a macro GLIB_PRIVATE_CALL() that makes it generally convenient to use. This adds an extremely tiny cost for the double indirection; but it has the benefit that we don't need to either: 1) compile the code into both glib and gio (like GWakeup), with the inefficiency that implies. 2) Export a "do not use this" symbol; the serious problem with this is that someone CAN use it pretty easily. Particularly if we document it. It's far, far harder to peek into a structure without a public header file. https://bugzilla.gnome.org/show_bug.cgi?id=657992 2011-09-01 14:32:11 -04:00			`return &table;`
			`}`